Re: [Observium] SNMPv3 with AES256

15 Jun 2015


      Thanks Adam, your explanation helps me better understand how Observium interacts with SNMP!
Thanks Mike, Here are the answers to your questions:
We definitely do not need this level of encryption!  I inherited these devices.
SNMPv3 with AES256 is functioning correctly as SolarWinds currently polls these devices.  We are looking to move away from SW.
Sample Devices:
WS-C2960S-24TS-L:         Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 12.2(58)SE2,
CISCO1921/K9:                 Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.1(4)M4,
Sanitized Configs:
This works for SolarWinds (256)
snmp-server user xxxuser xxxreadgroup v3 auth sha xxxpass priv aes 256 xxxpass access xxxx-RO
snmp-server group xxxreadgroup v3 priv read xxxview access xxxx-RO
snmp-server view xxxview internet included
snmp-server view xxxview  mib-2 included
This works for Observium (128)
snmp-server user xxxuser xxxreadgroup v3 auth sha xxxpass priv aes 128 xxxpass access xxxx-RO
snmp-server group xxxreadgroup v3 priv read xxxview access xxxx-RO
snmp-server view xxxview internet included
snmp-server view xxxview  mib-2 included
I just wanted to verify that this configuration will not work with net-snmp and my Observium setup so I can move on to plan B.
Thanks!
From: observium [mailto:observium-bounces@observium.org] On Behalf Of Mike Stupalov
Sent: Monday, June 15, 2015 11:10 AM
To: Observium Network Observation System
Subject: Re: [Observium] SNMPv3 with AES256
Hi,
many questions :)
* You are working in FBI? Why do you need this level of encryption :D
* On which cisco device/model you configure aes256? Show config example pls.
* Can be bug not in net-snmp, but on your devices? See https://tools.cisco.com/bugsearch/bug/CSCui94875/
My best solution - just use aes128 and READ ONLY view on your devices ;)
Observium support any snmp auth settings supported in net-snmp (snmpwalk/snmpget commands), see 'man snmpcmd'.
On Mon, Jun 15, 2015 at 6:37 PM, Thiedek, Vic <Vic.Thiedek@vgt.netmailto:Vic.Thiedek@vgt.net> wrote:
Greetings!
Does Observium support AES256 for SNMPv3 for Cisco Devices?
Testing with SHA / AES128            SNMPv3 Authentication Successful
Testing with SHA / AES256            SNMPv3 Authentication Fails
I would use AES128, but the environment (750+ devices) was already setup for AES256.
Thanks in advance!
Vic
_______________________________________________
observium mailing list
observium@observium.orgmailto:observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
--
Mike Stupalov
http://observium.org/